How severe is CVE-2024-21685?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2024-21685?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-21685 - HIGH Severity | CVSS 7.4

Vulnerability Description

This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21 Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8 Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0 See the release notes. You can download the latest version of Jira Core Data Center from the download center. This vulnerability was found internally.

Related Vulnerabilities

CVE-2016-2084

HIGH

CVSS:7.4(High)

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6...

CWE-2002016

CVE-2016-3664

HIGH

CVSS:7.4(High)

Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obta...

CWE-2002016

CVE-2016-8495

HIGH

CVSS:7.4(High)

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MIT...

CWE-2002016

CVE-2017-14709

HIGH

CVSS:7.4(High)

The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-...

CWE-2002017

CVE-2017-7520

HIGH

CVSS:7.4(High)

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

CWE-2002017

CVE-2019-5880

HIGH

CVSS:7.4(High)

Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2002019